From 8a94b1740ad5c1676c8b4574733961fc36b1ad78 Mon Sep 17 00:00:00 2001 From: gotoyuzo Date: Mon, 22 Aug 2005 20:47:55 +0000 Subject: * ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): try to decode the argument as a string. * ext/openssl/ossl_ns_pki.c (ossl_spki_to_der): new method. * ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should set @time to avoid warning. * ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths, X509_STORE_add_cert, X509_STORE_add_crl): should raise error if wrapped functions fails. * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message. * ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid of unused variable. * test/openssl/test_ns_spki.rb: add new file. * test/openssl/test_x509store.rb: add test for error. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9021 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- test/openssl/test_ns_spki.rb | 59 ++++++++++++++++++++++++++++++++++++++++++ test/openssl/test_x509store.rb | 22 ++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 test/openssl/test_ns_spki.rb (limited to 'test') diff --git a/test/openssl/test_ns_spki.rb b/test/openssl/test_ns_spki.rb new file mode 100644 index 0000000000..3937132aa0 --- /dev/null +++ b/test/openssl/test_ns_spki.rb @@ -0,0 +1,59 @@ +begin + require "openssl" + require File.join(File.dirname(__FILE__), "utils.rb") +rescue LoadError +end +require "test/unit" + +if defined?(OpenSSL) + + +class OpenSSL::TestNSSPI < Test::Unit::TestCase + def setup + # This request data is adopt from the specification of + # "Netscape Extensions for User Key Generation". + # -- http://wp.netscape.com/eng/security/comm4-keygen.html + @b64 = "MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAnX0TILJrOMUue+PtwBRE6XfV" + @b64 << "WtKQbsshxk5ZhcUwcwyvcnIq9b82QhJdoACdD34rqfCAIND46fXKQUnb0mvKzQID" + @b64 << "AQABFhFNb3ppbGxhSXNNeUZyaWVuZDANBgkqhkiG9w0BAQQFAANBAAKv2Eex2n/S" + @b64 << "r/7iJNroWlSzSMtTiQTEB+ADWHGj9u1xrUrOilq/o2cuQxIfZcNZkYAkWP4DubqW" + @b64 << "i0//rgBvmco=" + end + + def teardown + end + + def test_build_data + key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024 + key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048 + spki = OpenSSL::Netscape::SPKI.new + spki.challenge = "RandomString" + spki.public_key = key1.public_key + spki.sign(key1, OpenSSL::Digest::SHA1.new) + assert(spki.verify(spki.public_key)) + assert(spki.verify(key1.public_key)) + assert(!spki.verify(key2.public_key)) + + der = spki.to_der + spki = OpenSSL::Netscape::SPKI.new(der) + assert_equal("RandomString", spki.challenge) + assert_equal(key1.public_key.to_der, spki.public_key.to_der) + assert(spki.verify(spki.public_key)) + end + + def test_decode_data + spki = OpenSSL::Netscape::SPKI.new(@b64) + assert_equal(@b64, spki.to_pem) + assert_equal(@b64.unpack("m").first, spki.to_der) + assert_equal("MozillaIsMyFriend", spki.challenge) + assert_equal(OpenSSL::PKey::RSA, spki.public_key.class) + + spki = OpenSSL::Netscape::SPKI.new(@b64.unpack("m").first) + assert_equal(@b64, spki.to_pem) + assert_equal(@b64.unpack("m").first, spki.to_der) + assert_equal("MozillaIsMyFriend", spki.challenge) + assert_equal(OpenSSL::PKey::RSA, spki.public_key.class) + end +end + +end diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb index 6696020af7..b0fe597262 100644 --- a/test/openssl/test_x509store.rb +++ b/test/openssl/test_x509store.rb @@ -191,6 +191,28 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase assert_equal(OpenSSL::X509::V_ERR_CRL_HAS_EXPIRED, store.error) assert_equal(false, store.verify(ee2_cert)) end + + def test_set_errors + now = Time.now + ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + store = OpenSSL::X509::Store.new + store.add_cert(ca1_cert) + assert_raises(OpenSSL::X509::StoreError){ + store.add_cert(ca1_cert) # add same certificate twice + } + + revoke_info = [] + crl1 = issue_crl(revoke_info, 1, now, now+1800, [], + ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new) + revoke_info = [ [2, now, 1], ] + crl2 = issue_crl(revoke_info, 2, now+1800, now+3600, [], + ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new) + store.add_crl(crl1) + assert_raises(OpenSSL::X509::StoreError){ + store.add_crl(crl2) # add CRL issued by same CA twice. + } + end end end -- cgit v1.2.3